Date: Thu, 27 Sep 2001 08:28:24 -0700 (PDT) From: Christopher Strzelczyk <cstrzelc@yahoo.com> To: freebsd-questions@freebsd.org Subject: Apache server log Message-ID: <20010927152824.55499.qmail@web12501.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Hello, I was wondering if the following Apache log data is a result of the Nimda virus or if it's a real hack attempt. [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/msadc/..%5c../..%5c../..%5c/..Á^\../..Á^\../..Á^\../winnt/system32/cmd.exe [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/scripts/..Á^\../winnt/system32/cmd.exe [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/scripts/..À¯../winnt/system32/cmd.exe [Thu Sep 27 01:24:29 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/scripts/..ÁM-^\../winnt/system32/cmd.exe [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/scripts/..%5c../winnt/system32/cmd.exe [Thu Sep 27 01:24:30 2001] [error] [client 198.88.14.4] File does not exist: /usr/HTTPServer/htdoc s/en_US/scripts/..%2f../winnt/system32/cmd.exe The script thinks it's a windows box. I think this is the latest virus but I'm not sure. Also are there any programs I can run to block logging of these messages to the error_log. The logs are getting quite large. Thank You -Chris ===== Chris Strzelczyk cstrzelc@yahoo.com chris4136@email.com __________________________________________________ Do You Yahoo!? Listen to your Yahoo! Mail messages from any phone. http://phone.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010927152824.55499.qmail>